[clamav-users] several malware samples, clamav doesn't detect

Walter H. Walter.H at mathemainzel.info
Fri Dec 25 00:03:55 UTC 2015


These were my submissions:

for file in *; do openssl dgst -hex -sha1 "$file"; done


On 24.12.2015 21:23, Joel Esler (jesler) wrote:
> Depends on a number of factors. If you are looking into a particular threat, it may help us if you provide the hash of the file so we can look at it specifically.
>
> That being said, we're out of the office until Jan 4.
>
> --
> Joel Esler
> Manager, Talos Group
> Sent from my iPhone
>
> On Dec 24, 2015, at 3:01 PM, Walter H. <Walter.H at mathemainzel.info> wrote:
>
>
> Yesterday I did a submission of more than 20 malware samples, using a browser I'm not used to.
>
> How long does it typically take between the malware submission and its addition to the signatures?
>
> Greetings,
> Walter
>
> On 24.12.2015 00:53, Steven Morgan wrote:
> I'll check on alternate malware submission mechanisms. I tried the link
> that I gave previously and it is working for me.
>
> Steve
>
> On Wed, Dec 23, 2015 at 3:41 PM, Walter H. <Walter.H at mathemainzel.info> wrote:
>
> Hello,
>
> As I'm very new to this antivirus, which I installed just last week on my
> proxy server (a CentOS VM with SSL-Interception Squid); I registered to the
> list of the database update,
> and there I read the following:
>
> e.g.
> "Submission-ID: 682839831
> Sender: Virus Total
> Sender: Anonymous
> Added: Win.Adware.Agent-60405"
>
> How does it come that this comes from Virus Total, which I'm using
> regularly,
> even with the strange E-mails I'm "collecting" (makes my Karma that I'll
> receive them *gg*)
>
> I'm having troubles using the link you gave, as it doesn't work with the
> browser I'm used to;
>
> Merry Christmas and Greetings from a very strange weather here in Austria
> (one might think to get t-shirt and shorts instead of pullovers and fur
> coats)
>
> Thanks,
> Walter
>
>
>
> On 23.12.2015 21:17, Steven Morgan wrote:
>
> Walter,
>
> Please submit your malware samples here (website was changed recently):
>
> http://www.clamav.net/reports/malware.
>
> Thanks,
> Steve
>
>
>
> On Wed, Dec 23, 2015 at 3:01 PM, Walter H. <Walter.H at mathemainzel.info> wrote:
>
> Hello,
> I've got several malware samples - received via E-mail - that ClamAV
> doesn't detect
> where could I email them - uploading is difficult, because local
> antivirus
> blocks them - would send by email;
>
> I don't know why, but I regularly receive such malware by E-mail, which
> I
> forward to my AntiVirus vendor, and I also would do it this way to you;
>
> please tell me to which email address ...
>
> I noticed that the interface, that is mentioned in the "welcome
> newsletter
> list"-mail doesn't exist (404 error) and with
> http://www.clamav.net/reports/malware I've got difficulties to use;
>
> or would there just be an FTP where to upload them easily?
>
> Walter H.
>
>

